Exploits Stories February 25, 2014

Security researchers highlight iOS flaw that enables hidden logging of touch events and other actions

Researchers at security firm FireEye are highlighting an exploit involving iOS’s multitasking architecture to enable a nefarious (or exploited) app to record user touch events, Home Button presses and other events even whilst the app is backgrounded. It has always been theoretically possible for apps to record touch events whilst foregrounded, as the app needs access to the touch input to respond to user events. However, FireEye are demonstrating that this is possible even when the iOS app is not frontmost.

Exploits Stories November 5, 2012

Use Sophos antivirus? Watch out

Tim Bray notes a post on Neohapsis:

A working exploit for Sophos 8.0.6 on Mac is available, however the techniques used in the exploit easily transfer to Windows and Linux, due to multiple critical implementation flaws described in the paper. Testcases for the other flaws described in the paper are available on request.

Sophos responded with a post on the multiple vulnerabilities, and it responded over and over that “Sophos has seen no evidence of this vulnerability being exploited in the wild.” But, is that really good enough? How about issuing a fix in the two plus months that they’ve known about these issues?  It only takes one wild exploit.

Sophos gave 9to5Mac the following comment:

Some were fixed last month, and for others we started rolling out patches to our users today.  :-)

Users of Sophos products should be automatically updated, but if anyone wants to be sure they can initiate a manual update.

Exploits Stories July 2, 2011

@comex, a member of the Dev-team has been working hard on an iPad2 jailbreak since the device was released.  The jailbreak will use another PDF exploit via jailbreakme.com and support iOS 4.2.1-4.3.3.  Last night, however, one of the jailbreak beta testers leaked the exploit online.  This version of the JailbreakMe 3.0 exploit has not been confirmed by the Dev-Team or @Comex himself.  Many users have reported that this exploit only works with WIFI-only iPads and issues with Safari crashing.  (Sounds wonderful!)

We must reiterate that this Jailbreak has not been confirmed by the Dev-Team to be working or even safe.  Several iPad2 Jailbreak related malware have been distributed recently, so proceed with caution if you must attempt to use this leak. Hopefully we will hear from the Dev-Team or even receive an official iPad2 Jailbreak soon. Screenshot below:

expand full story

Powered by WordPress.com VIP